1. Field of the Invention
The present invention relates to a context-aware role-based access control system and a control method thereof, and more particularly to a context-aware role-based access control system capable of recognizing the context of the user, assigning, delegating, or revoking a role according to the current context, and modifying or restoring an operation of the permission granted to the corresponding role, and a control method thereof.
2. Description of the Prior Art
With the arrival of the ubiquitous computing age, an environment is emerging in which many users use a service together and share resources and information. In such a ubiquitous environment, an access control mechanism that permits only a legitimately authorized subject to access resources and information is required. Access control policies include discretionary access control (DAC), in which a subject's access to resources is determined at the discretion of the resource owner rather than by the system; mandatory access control (MAC), in which the system determines whether access to a resource is allowed; and role-based access control (RBAC), which controls a user's access to information based on the role the user performs.
An RBAC model is an access control scheme that assigns access permissions for resources to roles rather than to users, and grants a role suited to the current context, modifying the role by using information on the environment and the user's context, which change in real time. To cope more flexibly with the user's current context, role-based access control schemes have been proposed, such as a model that performs access control according to the environment by using a state checking matrix, and a model that modifies a role's permissions according to environmental information by using a state machine.
However, the conventional role-based access control models have limitations: it is difficult to describe in detail the context requirements for dynamically providing a user assignment or a permission assignment; role delegation, which may occur in access control, is not taken into consideration because only role or permission assignment is provided; and access control that reflects a personal preference is not supported.
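As an added illustration, not code from the patent, the following Python sketch implements the context-dependent role assignment, delegation, revocation, and permission modification/restoration described above. The clinic roles, the users `alice` and `bob`, and the context keys `location` and `hour` are constructed for the example; a delegation is honoured only in contexts where the grantor still actively holds the role, and revoking the grantor's role cascades to the delegate.

```python
class ContextAwareRBAC:
    def __init__(self):
        self.role_perms = {}     # role -> set of permissions
        self.assignments = []    # (user, role, active_when)
        self.delegations = []    # (grantor, grantee, role, active_when)
        self.restrictions = []   # (role, permission, suspended_when)

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role, cond=lambda ctx: True):
        self.assignments.append((user, role, cond))

    def delegate(self, grantor, grantee, role, cond=lambda ctx: True):
        # Effective only in contexts where the grantor still actively holds the role.
        self.delegations.append((grantor, grantee, role, cond))

    def revoke(self, user, role):
        # Drops the user's own assignment and every delegation of that role the user gave or received.
        self.assignments = [a for a in self.assignments if (a[0], a[1]) != (user, role)]
        self.delegations = [d for d in self.delegations if d[2] != role or user not in d[:2]]

    def restrict(self, role, perm, suspended_when):
        # Suspends one of a role's permissions while the context matches; restored otherwise.
        self.restrictions.append((role, perm, suspended_when))

    def active_roles(self, user, ctx, _seen=frozenset()):
        roles = {r for u, r, c in self.assignments if u == user and c(ctx)}
        for grantor, grantee, role, c in self.delegations:  # _seen breaks cycles A->B->A
            if grantee == user and c(ctx) and grantor not in _seen \
                    and role in self.active_roles(grantor, ctx, _seen | {user}):
                roles.add(role)
        return roles

    def permissions(self, user, ctx):
        perms = set()
        for role in self.active_roles(user, ctx):
            suspended = {p for r, p, c in self.restrictions if r == role and c(ctx)}
            perms |= self.role_perms.get(role, set()) - suspended
        return perms


def build_demo():
    """Constructed clinic scenario; a context is a dict like {"location": "ward", "hour": 10}."""
    ac = ContextAwareRBAC()
    ac.add_role("doctor", {"read_record", "write_prescription"})
    ac.assign("alice", "doctor")
    ac.delegate("alice", "bob", "doctor", lambda ctx: ctx["hour"] >= 22)  # night cover only
    ac.restrict("doctor", "write_prescription", lambda ctx: ctx["location"] != "ward")
    return ac
```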